Speaking at the Caldicott review

Yesterday AMRC gave evidence to the Caldicott review on the use of patient data. Two sets of numbers repeatedly came up. One million and 36. It seems that one million people have some sort of interaction with the NHS every 36 hours. And each such event creates important patient data – important to the individual of course, but beyond that, important for research and to wider society.

We put the case to the review panel that the public is broadly supportive of researchers having access to their data. Our 2011 Ipsos MORI poll showed that 80% of patients would like their doctor to offer them the opportunity to allow a researcher access to their records, with no further involvement from them.

The NHS, which treats the whole UK population from birth to death, is a treasure trove of data. It’s a unique research tool or could be – but it punches far below its weight. Securing research permissions still takes too long. Much of the difficulty comes in three areas:

There is ambiguity about the legal framework, which is a complex web of common law, UK written law, and now EU regulations

Because of that ambiguity, regulatory authorities are risk averse, and in the approval of research projects often err far too far on the side of caution

And the approvals process is fragmented, so individual trusts and organisations use their own process, templates and frameworks. The result is not only inconsistent decisions, but also unnecessary delays, as researchers seek individual approvals from all sites involved in a project.

The booklet (PDF) produced for the All Party Parliamentary Group on Medical Research summer reception showed some of the impacts of those difficulties and delays; fantastically important projects mired in administrative friction:

The SAIL system has anonymised data from health, education and environment (see booklet, p11). It enables cohort studies in Wales, and though very successful is still struggling to access important smaller data sets such as those in GP surgeries

The England and Wales maternity database (on p13) set up to record birth outcomes across the country and to investigate incidences of prematurity or death which had to apply three times for permission for the same linkage.

With these examples in mind, AMRC asked the review team to clarify that so called “pseudonymised” data, which cannot be identified by the researcher and are effectively anonymous at the point of use, should be treated as such, and as a consequence, not require consent.

Clearly the public will want to feel that the way their data is collected, stored and managed is secure. That the safe havens we all talk about really are safe. We think this means that:

data is held to approved technical standards in an intermediary body like the CPRD

the standards of anonymisation are safe and secure – that the data controllers follow clear, auditable best practice

the researchers that use the data are properly accredited

real sanction for contravention are applied.

We also set out our support for the government’s proposal in the life sciences strategy of December 2011, that the NHS constitution be amended so that patient data could be used in this anonymised, non-identifiable way without requiring further consent. This would remove the “consent for consent” conundrum – where researchers need to seek consent from patients to review their data in order to find those patients who might be suitable for a research project. Under these new proposals, provided the researcher was accredited, using data containing only a non identifying label no further consent would be needed.

In order for this to work – patients and the public need to understand and have confidence in how their data will be used. The Sharing Data workshop we held in May worked with member charities to identify the issues most likely to be important to patient groups. The workshop raised several important caveats we have put to the review team:

Patient groups actively understand the world of science and are often highly motivated to support research. The general public understand this area far less and yet we need to find a way to help them feel confident about how their data may be used.

To be really useful, data are needed from the healthy as well as the sick. We need control data and we need large scale population data so that cohort studies can take place. This means the public accepting the use of their data for a greater societal good beyond any benefit to them as an individual.

Even strong supporters of research often show marked biases against sharing some data (mental health or sexual health data for example); we need to have a suitable approach to this

Patients show some concern about data being shared with industry, yet some of these partnerships are vital. Pharmacovigilence studies for example, that assess the safety of new drugs once they are launched, are vital to health but can only be done in conjunction with pharmaceutical companies

We need a public debate that makes the sharing of data part of the “social contract” we all have with the NHS. And we need to accept the validity of an opt out for those few people who really do not want their data to be used in this way.

My guess is that the use of such an opt out will be quite small. Why do I think that? Let’s return to the two numbers – one million and 36. In the recent UK Collaborative Trial of Ovarian Cancer Screening, over 1 million women were contacted by letter and asked to participate. Less than 36 of those women wrote to complain about being contacted. We may be closer to data for the common good than we think.